diff options
| author |   claudio <claudio@openbsd.org> | 2017-01-23 23:30:43 +0000 |
|---|---|---|
| committer | claudio <claudio@openbsd.org> | 2017-01-23 23:30:43 +0000 |
| commit | de5c2eed523754d96e5b2e95326c834813354d6f (patch) | |
| tree | 9ebaae7263351bc9047e9446634a95a774e35f36 | |
| parent | Allocate all memory chunks, and potentially sleeping, before freeing (diff) | |
| download | wireguard-openbsd-de5c2eed523754d96e5b2e95326c834813354d6f.tar.xz wireguard-openbsd-de5c2eed523754d96e5b2e95326c834813354d6f.zip | |
Make util.c fatal() free by allowing undefined behaviour in prefix_compare.
If you pass in crap then you will not get gold back.
| -rw-r--r-- | usr.sbin/bgpd/util.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/usr.sbin/bgpd/util.c b/usr.sbin/bgpd/util.c index a660f38a393..b6d908a1560 100644 --- a/usr.sbin/bgpd/util.c +++ b/usr.sbin/bgpd/util.c @@ -1,4 +1,4 @@ -/* $OpenBSD: util.c,v 1.22 2017/01/13 18:59:12 phessler Exp $ */ +/* $OpenBSD: util.c,v 1.23 2017/01/23 23:30:43 claudio Exp $ */ /* * Copyright (c) 2006 Claudio Jeker <claudio@openbsd.org> @@ -405,6 +405,10 @@ aspath_extract(const void *seg, int pos) return (ntohl(as)); } +/* + * This function will have undefined behaviour if the passed in prefixlen is + * to large for the respective bgpd_addr address family. + */ int prefix_compare(const struct bgpd_addr *a, const struct bgpd_addr *b, int prefixlen) @@ -421,7 +425,7 @@ prefix_compare(const struct bgpd_addr *a, const struct bgpd_addr *b, if (prefixlen == 0) return (0); if (prefixlen > 32) - fatalx("prefix_cmp: bad IPv4 prefixlen"); + return (-1); mask = htonl(prefixlen2mask(prefixlen)); aa = ntohl(a->v4.s_addr & mask); ba = ntohl(b->v4.s_addr & mask); @@ -432,7 +436,7 @@ prefix_compare(const struct bgpd_addr *a, const struct bgpd_addr *b, if (prefixlen == 0) return (0); if (prefixlen > 128) - fatalx("prefix_cmp: bad IPv6 prefixlen"); + return (-1); for (i = 0; i < prefixlen / 8; i++) if (a->v6.s6_addr[i] != b->v6.s6_addr[i]) return (a->v6.s6_addr[i] - b->v6.s6_addr[i]); @@ -447,7 +451,7 @@ prefix_compare(const struct bgpd_addr *a, const struct bgpd_addr *b, return (0); case AID_VPN_IPv4: if (prefixlen > 32) - fatalx("prefix_cmp: bad IPv4 VPN prefixlen"); + return (-1); if (betoh64(a->vpn4.rd) > betoh64(b->vpn4.rd)) return (1); if (betoh64(a->vpn4.rd) < betoh64(b->vpn4.rd)) @@ -463,8 +467,6 @@ prefix_compare(const struct bgpd_addr *a, const struct bgpd_addr *b, return (-1); return (memcmp(a->vpn4.labelstack, b->vpn4.labelstack, a->vpn4.labellen)); - default: - fatalx("prefix_cmp: unknown af"); } return (-1); } |